Skip to content
Search AI Powered

Latest Stories

CYBER SECURITY

Supply chain looks to cyber self-defense

Hackers are targeting transportation firms as the industry embraces digitalization, the IoT, and smartphone apps. But there are protective steps these firms can take, experts say.

Padlock in cyberspace

Computer hackers loom large in newspaper headlines and Hollywood movies, but transportation and supply chain workers haven’t traditionally seen them as a real threat. After all, driving a truck or a forklift meant you were seldom even near a computer keyboard, and there’s nothing digital about booking freight loads using a clipboard and a phone.

However, in the past five years, the logistics industry has been awash in cybertrends like supply chain digitalization, the Internet of Things (IoT), and the expanded use of electronic logging devices (ELDs), not to mention the smartphones that most Americans carry in their pockets or purses these days.


Hackers have taken notice, and in recent months, they’ve rung up a string of successful attacks on supply chain stalwarts such as the digital freight broker truckstop.com, ocean carrier Mediterranean Shipping Co. (MSC), freight brokerage Total Quality Logistics (TQL), Australian third-party logistics services provider Toll Group, and transportation provider Roadrunner Transportation Systems Inc.

Most of those attacks used “ransomware” to lock down the victims’ computer networks, hobbling their logistics operations until they cracked the code or paid a ransom to the data-kidnappers. As a rule, the targets of these cybercriminals do not disclose the details of the extortion to avoid encouraging future attacks.

The financial damage aside, the mere act of freezing a company’s operations for a few days can damage the victim’s reputation. Even the names of the bugs and viruses deployed by hackers sound frightening, including malware like Azorult, Hawkeye, Kwampirs, Locky, Lokibot, Nanocore, Netwired, Remcos, and Shamoon.

Despite the growing danger posed by cyberthreats, logistics firms can follow some basic rules to greatly reduce their exposure, such as educating employees, putting proper network controls in place, and creating disaster recovery plans.

PROTECT THE WEAKEST LINK

One way companies can protect themselves is by defining a single set of best practices for all employees, regardless of their role in the organization, says Chris Sandberg, vice president of information security for supply chain technology company Trimble Transportation.

Trimble, a provider of fleet management and transportation management software, says many of its clients rely on a compex IT (information technology) infrastructure in their daily operations, noting that a typical logistics service provider might have servers in its back office, telematics hardware on its trucks, and cloud-based networks used to manage maintenance and other critical tasks. “It’s important to have that standard so the same … controls are in place across all the different [types] of technology a customer might be using, because a chain is only as strong as its weakest link,” Sandberg says.

Another critical step in cyber self-defense is to establish a recovery plan before a problem ever develops. “The best time to develop your disaster plan is not during the disaster,” Sandberg says. “If you’re a trucking company and you get stuck with a crypto-lock virus, how do you continue operations? If you’ve identified certain elements as critical resources, you can come up with mitigation strategies.”

As logical as that might sound, smaller carriers often lack the resources to prepare disaster recovery plans ahead of time, Sandberg says. On top of that, they frequently lack the IT capabilities to distinguish between “white hat” hackers—who are basically using their skills to help companies identify their digital vulnerabilities—and “black hat” hackers who are plotting serious crimes, Sandberg says. A cybercriminal looking for a big payout might threaten a company by freezing its data and demanding a ransom, by stealing and selling a company’s data, or by collecting demographic information on its employees in an attempt to hire them away.

In many cases, an employee won’t even realize that they’ve become the victim of a hack until it’s too late, he says. “If someone sends out an email with malware links, they’re not targeting someone; it’s indiscriminate. They’re just trying to get someone to click on the link so they can freeze the account and get them to pay a ransom,” he says.

In another approach, a hacker might target truck drivers by offering them a free smartphone app that provides discounts on food and fuel, for example. That sounds harmless at first, but all data has value, Sandberg says. “Most people don’t read the disclaimers before they download an app,” he says. “Then, the hacker can scrape demographic information from them [and share it with] competing carriers. With the driver shortage, those carriers could use that information to target their advertising to a specific population of drivers and hire away those employees.”

For operations facing such threats, the best defense is education, says Jane Jazrawy, CEO of CarriersEdge, a provider of online driver-training platforms. And that’s become particularly important since the onset of the Covid-19 pandemic, which has made supply chain firms even more vulnerable to cyberthreats, she says.

What’s made them more vulnerable is the widespread adoption of work-from-home policies designed to curb the spread of the virus, Jazrawy explains. In the past few months, thousands of logistics professionals have migrated from the traditional office to the home office, leaving the safety of the corporate IT infrastructure and logging onto personal laptops using home data networks that are seldom up to date.

“Networks at home don’t have the same firewalls and protection” as at work, Jazrawy says. “You may not have a password on your router. Or you may be using your neighbor’s Wi-Fi, or you haven’t updated Norton Antivirus for three years. So as everybody goes home to work, the hackers are coming. They’re just itching to go; it’s like Christmas for hackers.”

“WE’RE ALL TECH WORKERS NOW”

The supply chain sector has also become more vulnerable to security breaches because fleets today share their data with more partners than ever before in order to provide real-time shipment visibility. “When a customer sends data to a trucking company, a whole chain of data then moves between the dispatcher, planner, loadboards, truck stops, drivers, and more,” Jazrawy says.

As supply chain companies enter the computer age, they need to be aware they are now moving data as well as freight, and criminals see both as valuable targets. “People in the transportation industry don’t think of themselves as technology workers; they don’t think they’re important enough that anyone would want their data,” she says. “But hackers are usually just trying to get their data so they can use it to get even more data and then commit a larger, more profitable crime.”

In order to protect themselves, companies must guard against two types of risk: technological and human. “Most hackers are not so much trying to use technology, but to use social engineering,” Jazrawy says. “If you can get someone to cough up their password, that’s way easier than trying random passwords forever until you get into their system.”

Computer users can defend themselves against those threats by studying the risks and staying vigilant, she says. Most social engineering—or “phishing” attacks—use psychological tactics, preying on fear, greed, or some other human emotion. “So now we’re seeing all these Covid-19 email messages that are playing on fear,” Jazrawy says. “But it’s usually phishing; saying ‘Click here and we’ll solve all your problems.’”

If a transportation worker does click on one of those links by mistake, they should follow two simple steps, she says: First, don’t panic, and second, disconnect from the network—whether it’s a cord or Wi-Fi—and run a virus scan to identify any malware that might have been installed.

Cybercrime in the supply chain sector is definitely on the rise. But across the industry, IT experts agree that there are steps logistics company leaders can take to protect their operations from hackers, including educating employees and putting proper network controls in place. “The more you know and are aware and are vigilant,” Jazrawy says, “[the better your chances of avoiding] the threat.”

The Latest

Artificial Intelligence

AI: Is it the real deal?

More Stories

Logistics economy picked up speed in January

Logistics Managers' Index

Logistics economy picked up speed in January

Economic activity in the logistics industry expanded in January, growing at its fastest clip in more than two years, according to the latest Logistics Managers’ Index (LMI) report, released this week.

The LMI jumped nearly five points from December to a reading of 62, reflecting continued steady growth in the U.S. economy along with faster-than-expected inventory growth across the sector as retailers, wholesalers, and manufacturers attempted to manage the uncertainty of tariffs and a changing regulatory environment. The January reading represented the fastest rate of expansion since June 2022, the LMI researchers said.

Keep ReadingShow less

Featured

Disrupting the furniture supply chain: An interview with Jay Rogers

Disrupting the furniture supply chain: An interview with Jay Rogers

As commodities go, furniture presents its share of manufacturing and distribution challenges. For one thing, it's bulky. Second, its main components—wood and cloth—are easily damaged in transit. Third, much of it is manufactured overseas, making for some very long supply chains with all the associated risks. And finally, completed pieces can sit on the showroom floor for weeks or months, tying up inventory dollars and valuable retail space.

In other words, the furniture market is ripe for disruption. And John "Jay" Rogers wants to be the catalyst. In 2022, he cofounded a company that takes a whole new approach to furniture manufacturing—one that leverages the power of 3D printing and robotics. Rogers serves as CEO of that company, Haddy, which essentially aims to transform how furniture—and all elements of the "built environment"—are designed, manufactured, distributed, and, ultimately, recycled.

Keep ReadingShow less
chart of GenAI effect on workforce

Gartner: GenAI tools create anxiety among employees

Generative AI (GenAI) is being deployed by 72% of supply chain organizations, but most are experiencing just middling results for productivity and ROI, according to a survey by Gartner, Inc.

That’s because productivity gains from the use of GenAI for individual, desk-based workers are not translating to greater team-level productivity. Additionally, the deployment of GenAI tools is increasing anxiety among many employees, providing a dampening effect on their productivity, Gartner found.

Keep ReadingShow less
warehouse worker driving forklift between racks

German 3PL Arvato acquires two U.S. logistics firms

The German third party logistics provider (3PL) Arvato this week acquired the U.S.-headquartered companies Carbel LLC and United Customs Services, saying the move would grow its client base, particularly in the fashion, beauty, and lifestyle segments.

According to Arvato, it made the move in order to better serve the U.S. e-commerce sector, which has experienced high growth rates in recent years and is expected to grow year-on-year by 5% within the next five years.

Keep ReadingShow less
photo collage of warehouse tech

Supply chain pros are wary of inflation and labor woes

The top worries that supply chain leaders hope to address with new innovations this year include inflationary concerns (68%) and labor shortages (50%), according to a survey on innovation from the third-party logistics provider (3PL) Kenco.

And many of them will have a budget to do it, since 51% of supply chain professionals with existing innovation budgets saw an increase earmarked for 2025, suggesting an even greater emphasis on investing in new technologies to meet rising demand, Kenco said in its “2025 Supply Chain Innovation” survey.

Keep ReadingShow less